End User not able to download Attachment

Go to solution
sach1
Tera Guru

‎09-04-2014 12:02 AM

Hi All,

We have a link by the name "Get User Manual" on the ESS portal. Attached is the snapshot(Get Manual).

Get Manual.JPG

The Issue is that..When 'admin' clicks on the link he is able to download the user manual but when a End User clicks on the link he is directed to a blank page with URL having the sys_id of attachment. Attached is the screenshot.

Blank Attachment page.JPG

What could be the possible issue here ? I could only find acl's related to Live feed.

Regards,

Sachin

Labels:
Preview file
15 KB
Preview file
32 KB
0 Helpfuls
  • 8,606 Views
1 ACCEPTED SOLUTION

Go to solution
marcguy
ServiceNow Employee
ServiceNow Employee
In response to vlbond

‎09-04-2014 01:23 AM

As Valery Bondarchik says, the out of the box read ACL only allows a user to see any attachment if they have 'itil' role, if not then there is a check done to see if it's their attachment so you would need to modify this but in doing so you open up a security concern unless you specify a seperate read ACL for that sys_attachment record only.



i.e.


new read acl with condition of sys_id is 'your manual sys_id'



script:


answer = true;


View solution in original post

4 REPLIES 4

Go to solution
vlbond
Tera Guru

‎09-04-2014 12:40 AM

Hello, Sachin!


Can you check if ACL read rule script on sys_attachment table returns true? It is possible that the user does not have read permissions on the parent record (check the attachment's 'Table name' and 'Table sys_id' fields).



Hope that helps!


0 Helpfuls

Go to solution
marcguy
ServiceNow Employee
ServiceNow Employee
In response to vlbond

‎09-04-2014 01:23 AM

As Valery Bondarchik says, the out of the box read ACL only allows a user to see any attachment if they have 'itil' role, if not then there is a check done to see if it's their attachment so you would need to modify this but in doing so you open up a security concern unless you specify a seperate read ACL for that sys_attachment record only.



i.e.


new read acl with condition of sys_id is 'your manual sys_id'



script:


answer = true;


Go to solution
sach1
Tera Guru
In response to marcguy

‎09-04-2014 02:25 AM

Thank You Valery Bondarchik and mguy.



I did not want to modify the OOB Acl's to avoid opening up the security. So I took your suggestion of creating a ACL Specific to that record and it is working fine   now.



Regards,


Sachin


0 Helpfuls

Go to solution
Gaurav Vaze
Kilo Sage

‎09-23-2024 04:49 AM

I am facing the same issue but in a different manner

The user is unable to open the attachment attached via the "Attachment" variable. I tried to open the attachment with my admin account and It did work.

I am trying to download the attachment by impersonating an end user, but when I click on the attachments, it doesn't download but opens a new blank tab showing the sys ID of the attachment.

user has an ITIL role but still, he/she is not able to download the attachments.

These attachments are getting stored in the ZZ_YYsc_cart_item table.

Any help will be appreciated!

0 Helpfuls